To use Oracle Cloud Infrastructure, an administrator must be a member of a group granted security access in a policy by a tenancy administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don't have permission or are unauthorized, verify with the tenancy administrator what type of access you have and which compartment your access works in.
To set up a private endpoint, you must have access to a VCN with a private subnet where DNS resolution is enabled. For general information about policies and permissions to do this, see IAM Policies for Networking. Specifically, you need use permissions for a VNIC, a network security group (if you specify one), and a subnet. For example:
allow group ServiceWriters to use vnics in compartment ABC
allow group ServiceWriters to use network-security-groups in compartment ABC
allow group ServiceWriters to use subnets in compartment XYZ
Policies for Encryption Keys
To use your own encryption key, you must let the Streaming service use a Vault key to encrypt data in streams in this stream pool. For example:
allow service streaming to use keys in compartment ABC where target.key.id = '<key_OCID>'
The preceding policy also requires a companion policy to let Streaming use a key on behalf of a user group to create a stream pool that uses the key for cryptographic purposes. For example:
allow group StreamWriters to use key-delegate in compartment ABC where target.key.id = '<key_OCID>'
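The two key statements above are only useful as a pair. The following Python check is an added example, not part of the Oracle documentation: it parses policy statements of the shapes shown on this page and reports a missing companion statement or one that lacks the target.key.id condition. The regular expression, function names, and sample OCID are assumptions made for this illustration.

```python
import re

# Covers only the statement shapes shown on this page:
# allow <service|group> <name> to use <resource> in compartment <name>
#   [where target.key.id = '<key_OCID>']
STATEMENT = re.compile(
    r"^allow\s+(?P<kind>service|group)\s+(?P<subject>\S+)\s+to\s+use\s+"
    r"(?P<resource>[\w-]+)\s+in\s+compartment\s+(?P<compartment>\S+)"
    r"(?:\s+where\s+target\.key\.id\s*=\s*'(?P<key>[^']+)')?\s*$",
    re.IGNORECASE,
)

def parse(statement):
    """Return the statement's fields, or None if it has another shape."""
    m = STATEMENT.match(statement.strip())
    return m.groupdict() if m else None

def check_key_policies(statements):
    """Findings for the Streaming key policy and its key-delegate companion."""
    parsed = [p for p in map(parse, statements) if p]
    service = [p for p in parsed if (p["kind"].lower(), p["subject"].lower(),
               p["resource"].lower()) == ("service", "streaming", "keys")]
    delegate = [p for p in parsed if (p["kind"].lower(), p["resource"].lower())
                == ("group", "key-delegate")]
    findings = []
    for p in service + delegate:
        if p["key"] is None:  # no where clause: applies to every key in the compartment
            findings.append(f"unscoped: {p['subject']} may use {p['resource']} "
                            f"for any key in compartment {p['compartment']}")
    for s in service:
        if not any(d["key"] == s["key"] and d["compartment"] == s["compartment"]
                   for d in delegate):
            findings.append(f"no key-delegate companion for key {s['key']} "
                            f"in compartment {s['compartment']}")
    for d in delegate:
        if not any(s["key"] == d["key"] and s["compartment"] == d["compartment"]
                   for s in service):
            findings.append(f"group {d['subject']} has key-delegate for key "
                            f"{d['key']} but no matching service streaming statement")
    return findings

# Constructed sample: the OCID is a placeholder, not a real key.
SAMPLE = [
    "allow service streaming to use keys in compartment ABC where target.key.id = 'ocid1.key.oc1..example'",
    "allow group StreamWriters to use key-delegate in compartment ABC where target.key.id = 'ocid1.key.oc1..example'",
]

if __name__ == "__main__":
    print(check_key_policies(SAMPLE) or "key policy pair is complete and scoped")
```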